test(security): regression suite for input validation fixes (#685 #686 #687 #688)

30 test cases covering all four security fixes from PR #701:

#686 — AdminAuth gate on GET /templates and GET /org/templates:
- NoAuth returns 401 when tokens are enrolled
- FreshInstall fails open (bootstraps correctly)

#687 — UUID path param validation:
- URL-encoded traversal (..%2f..%2fetc%2fpasswd) → 400
- Non-UUID strings (not-a-uuid, ws-123, XSS payloads) → 400
- Valid UUIDs pass through (regression check)

#688 — Field length limits:
- name=256, role=1001, model=101 chars → 400
- Exact-boundary values (255/1000/100) → pass (off-by-one guard)

#685 — YAML injection via newline/CR:
- Newline in name, CR in role → 400
- YAML multi-field injection payload "agent\nrole: injected" → 400
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
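
The #687, #688 and #685 checks listed above, sketched as an added Python example; it is not the project's code, whose implementation and language are not shown in this commit message. The function names, the 200 "pass" status and the sample UUID in the usage are assumptions; the limits, field names and payloads come from the message.

```python
import re

# Limits from the commit message (#688). All names below are hypothetical.
MAX_LEN = {"name": 255, "role": 1000, "model": 100}

# Canonical 8-4-4-4-12 hex form; used with fullmatch so no extra bytes pass.
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)


def valid_uuid_param(raw: str) -> bool:
    """#687: allow-list the path parameter instead of filtering '../'.
    Percent-encoded traversal fails because it is simply not a UUID."""
    return UUID_RE.fullmatch(raw) is not None


def validate_fields(fields: dict) -> list:
    """#688 and #685: return error strings; an empty list means accepted."""
    errors = []
    for key, limit in MAX_LEN.items():
        value = fields.get(key, "")
        if len(value) > limit:  # exactly `limit` characters is still accepted
            errors.append(f"{key}: longer than {limit} characters")
        if "\n" in value or "\r" in value:
            errors.append(f"{key}: contains newline or carriage return")
    return errors


def render_yaml_unsafely(name: str) -> str:
    """What the newline check guards against: a value interpolated into
    YAML text. A newline in `name` starts a second, attacker-chosen key."""
    return f"name: {name}\nrole: assistant\n"


def status_for(path_id: str, fields: dict) -> int:
    """Map the checks to the status codes the suite asserts (200 assumed)."""
    if not valid_uuid_param(path_id) or validate_fields(fields):
        return 400
    return 200
```

Calling `render_yaml_unsafely("agent\nrole: injected")` yields a document with two `role:` lines, which is why the suite expects that payload to be rejected before any template is written.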